Re: Writing Secure code

From: Valdis.Kletnieksat_private
Date: Fri Dec 27 2002 - 10:03:08 PST

    On Fri, 27 Dec 2002 18:16:17 +0530, Rahul Chander Kashyap <rahulat_private>  said:
    
    > And one more thing...<this one might be interesting ;-)>  Is it possible 
    > to write code that is completely secure and not exploitable? 
    
    This is just a specific case of the question "Is it possible to write
    totally bug-free code"?  And yes, it's *possible* to write bug-free code.
    The problem is that it's incredibly difficult to manage the development
    process in such a way that bugs are totally prevented - remember that humans
    are writing the code, and humans are.. well... human. ;)
    
    On the flip side, good development practices can probably gain us 2 or maybe
    even 3 orders of magnitude in security - remember that 98% of security bugs
    are The Same Dumb Things over and over - so simply not doing those dumb
    things gets you 2 orders of magnitude right there.
    
    Also, remember that there's some basic economics involved too - if you do
    a graph:
    
      |X .           . O     where 'X' is the costs (incident response, cleanup,
    C |X  .         .  O     lost sales, downtime, etc) of not being secure, and
    O | X  ..     ..  O      'O' is the cost of actually deploying security (this
    S |  X   ..$..   O       stuff *does* have real costs - ever had to get 30K
    T |   XX       OO        users to change their password on a regular basis?)
      |     XXX OOO          The '.' line is the *sum* of those two, and will have
      |OOOOOOO   XXXXXXX     a minimum value somewhere - I've marked that with a
      +------------------    '$'.  *THAT* is the correct level of security to have.
         SECURITY
    
    What you want is the *minimum total cost of security*.  Now, for different
    applications, the 'X' and 'O' lines have different shapes - if you're securing
    nuclear launch codes, the 'X' is almost a horizontal (and very high) line -
    it's very expensive to get hacked no matter what your security is.  It makes
    sense to spend a billion dollars to secure those.   On the other hand, it
    *doesn't* make sense to spend even $200K (and that's not much in development
    terms - 2 man-years at best) to secure data that's only worth $2K.
    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
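To put numbers on the cost graph in the mail above, here is an added worked example (not from the original thread): a constructed model in which each security level halves the breach probability and adds a fixed deployment cost, and the minimum of the summed curve is the '$' point. The scenario values are made up to mirror the nuclear-codes case and the $2K-data case.

```python
"""Constructed cost model for the 'minimum total cost of security' argument."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    loss_if_breached: float   # ceiling of the 'X' line: cost of being hacked (constructed)
    cost_per_level: float     # slope of the 'O' line: cost of one more control (constructed)


def breach_probability(level: int) -> float:
    """Constructed assumption: every added security level halves the chance of compromise."""
    return 0.5 ** level


def insecurity_cost(s: Scenario, level: int) -> float:
    """The 'X' line: expected loss = P(breach) * loss (incident response, downtime, ...)."""
    return breach_probability(level) * s.loss_if_breached


def security_cost(s: Scenario, level: int) -> float:
    """The 'O' line: deploying more controls costs more, roughly linearly here."""
    return s.cost_per_level * level


def total_cost(s: Scenario, level: int) -> float:
    """The '.' line: the sum of both curves."""
    return insecurity_cost(s, level) + security_cost(s, level)


def optimal_level(s: Scenario, max_level: int = 30) -> int:
    """Return the security level where the summed curve bottoms out (the '$' mark)."""
    return min(range(max_level + 1), key=lambda lvl: total_cost(s, lvl))


# Two constructed scenarios from the mail's argument.
NUCLEAR = Scenario("launch codes", loss_if_breached=1e12, cost_per_level=1e9)
PETTY = Scenario("$2K of data", loss_if_breached=2_000, cost_per_level=1_200)

if __name__ == "__main__":
    for s in (NUCLEAR, PETTY):
        lvl = optimal_level(s)
        print(f"{s.name}: optimal level {lvl}, spend ${security_cost(s, lvl):,.0f}, "
              f"total ${total_cost(s, lvl):,.0f}")
```

With a near-horizontal, very high 'X' line the optimum moves far to the right; with a $2K asset it sits at the origin, which is the mail's point about not spending $200K there.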
    
    This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 15:48:11 PST